πΌ SC-8(1) Cryptographic Protection (L)(M)(H)
- Contextual name: πΌ SC-8(1) Cryptographic Protection (L)(M)(H)
- ID:
/frameworks/fedramp-low-security-controls/sc/08/01 - Located in: πΌ SC-8 Transmission Confidentiality and Integrity (L)(M)(H)
Descriptionβ
Implement cryptographic mechanisms to [FedRAMP Assignment: prevent unauthorized disclosure of information AND detect changes to information] during transmission.
SC-8 (1) Additional FedRAMP Requirements and Guidance:
Guidance: See M-22-09, including "Agencies encrypt all DNS requests and HTTP traffic within their environment"SC-8 (1) applies when encryption has been selected as the method to protect confidentiality and integrity. Otherwise refer to SC-8 (5). SC-8 (1) is strongly encouraged.
Guidance: Note that this enhancement requires the use of cryptography which must be compliant with Federal requirements and utilize FIPS validated or NSA approved cryptography (see SC-13).
Guidance: When leveraging encryption from the underlying IaaS/PaaS: While some IaaS/PaaS services provide encryption by default, many require encryption to be configured, and enabled by the customer. The CSP has the responsibility to verify encryption is properly configured.
Requirement: Please ensure SSP Section 10.3 Cryptographic Modules Implemented for Data At Rest (DAR) and Data In Transit (DIT) is fully populated for reference in this control.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/sc/08/01/frameworks/fedramp-high-security-controls/sc/08/01
- Internal
- ID:
dec-c-cb51ef9f
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ SC-8(1) Cryptographic Protection (L)(M)(H) | 6 | 10 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ SC-8(1) Transmission Confidentiality and Integrity _ Cryptographic Protection | 8 | 10 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (10)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication π’ | 1 | π’ x6 |
| π AWS S3 Bucket Policy is not set to deny HTTP requests π’ | 1 | π’ x6 |
| π Azure App Service FTP deployments are not disabled π’ | 1 | π’ x6 |
| π Azure App Service HTTPS Only configuration is not enabled π’ | 1 | π’ x6 |
| π Azure MySQL Flexible Server require_secure_transport Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure MySQL Flexible Server TLS Version is not set to TLS 1.2 π’ | 1 | π’ x6 |
| π Azure PostgreSQL Flexible Server require_secure_transport Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure PostgreSQL Single Server Enforce SSL Connection is not set enabled π’ | 1 | π’ x6 |
| π Azure Storage Account Minimum TLS Version is not set to TLS 1.2 or higher π’ | 1 | π’ x6 |
| π Azure Storage Account Secure Transfer Required is not enabled π’ | 1 | π’ x6 |